---
apiVersion: deckhouse.io/v1
kind: DexProvider
metadata:
  name: openldap-demo
spec:
  type: LDAP
  displayName: OpenLDAP Demo
  ldap:
    host: ldap-service.openldap-demo:389
    insecureSkipVerify: true
    insecureNoSSL: true

    bindDN: cn=admin,dc=example,dc=org
    bindPW: admin

    usernamePrompt: Email Address

    userSearch:
      baseDN: ou=People,dc=example,dc=org
      filter: "(objectClass=person)"
      username: mail
      # "DN" (case sensitive) is a special attribute name. It indicates that
      # this value should be taken from the entity's DN not an attribute on
      # the entity.
      idAttr: DN
      emailAttr: mail
      nameAttr: cn

    groupSearch:
      baseDN: ou=Groups,dc=example,dc=org
      filter: "(objectClass=groupOfNames)"

      userMatchers:
        # A user is a member of a group when their DN matches
        # the value of a "member" attribute on the group entity.
        - userAttr: DN
          groupAttr: member

      # The group name should be the "cn" value.
      nameAttr: cn
